1 /* 2 * ARM TrustZone peripheral protection controller emulation 3 * 4 * Copyright (c) 2018 Linaro Limited 5 * Written by Peter Maydell 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 or 9 * (at your option) any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "qemu/log.h" 14 #include "qemu/module.h" 15 #include "qapi/error.h" 16 #include "trace.h" 17 #include "hw/sysbus.h" 18 #include "hw/registerfields.h" 19 #include "hw/irq.h" 20 #include "hw/misc/tz-ppc.h" 21 22 static void tz_ppc_update_irq(TZPPC *s) 23 { 24 bool level = s->irq_status && s->irq_enable; 25 26 trace_tz_ppc_update_irq(level); 27 qemu_set_irq(s->irq, level); 28 } 29 30 static void tz_ppc_cfg_nonsec(void *opaque, int n, int level) 31 { 32 TZPPC *s = TZ_PPC(opaque); 33 34 assert(n < TZ_NUM_PORTS); 35 trace_tz_ppc_cfg_nonsec(n, level); 36 s->cfg_nonsec[n] = level; 37 } 38 39 static void tz_ppc_cfg_ap(void *opaque, int n, int level) 40 { 41 TZPPC *s = TZ_PPC(opaque); 42 43 assert(n < TZ_NUM_PORTS); 44 trace_tz_ppc_cfg_ap(n, level); 45 s->cfg_ap[n] = level; 46 } 47 48 static void tz_ppc_cfg_sec_resp(void *opaque, int n, int level) 49 { 50 TZPPC *s = TZ_PPC(opaque); 51 52 trace_tz_ppc_cfg_sec_resp(level); 53 s->cfg_sec_resp = level; 54 } 55 56 static void tz_ppc_irq_enable(void *opaque, int n, int level) 57 { 58 TZPPC *s = TZ_PPC(opaque); 59 60 trace_tz_ppc_irq_enable(level); 61 s->irq_enable = level; 62 tz_ppc_update_irq(s); 63 } 64 65 static void tz_ppc_irq_clear(void *opaque, int n, int level) 66 { 67 TZPPC *s = TZ_PPC(opaque); 68 69 trace_tz_ppc_irq_clear(level); 70 71 s->irq_clear = level; 72 if (level) { 73 s->irq_status = false; 74 tz_ppc_update_irq(s); 75 } 76 } 77 78 static bool tz_ppc_check(TZPPC *s, int n, MemTxAttrs attrs) 79 { 80 /* Check whether to allow an access to port n; return true if 81 * the check passes, and false if the transaction must be blocked. 82 * If the latter, the caller must check cfg_sec_resp to determine 83 * whether to abort or RAZ/WI the transaction. 84 * The checks are: 85 * + nonsec_mask suppresses any check of the secure attribute 86 * + otherwise, block if cfg_nonsec is 1 and transaction is secure, 87 * or if cfg_nonsec is 0 and transaction is non-secure 88 * + block if transaction is usermode and cfg_ap is 0 89 */ 90 if ((attrs.secure == s->cfg_nonsec[n] && !(s->nonsec_mask & (1 << n))) || 91 (attrs.user && !s->cfg_ap[n])) { 92 /* Block the transaction. */ 93 if (!s->irq_clear) { 94 /* Note that holding irq_clear high suppresses interrupts */ 95 s->irq_status = true; 96 tz_ppc_update_irq(s); 97 } 98 return false; 99 } 100 return true; 101 } 102 103 static MemTxResult tz_ppc_read(void *opaque, hwaddr addr, uint64_t *pdata, 104 unsigned size, MemTxAttrs attrs) 105 { 106 TZPPCPort *p = opaque; 107 TZPPC *s = p->ppc; 108 int n = p - s->port; 109 AddressSpace *as = &p->downstream_as; 110 uint64_t data; 111 MemTxResult res; 112 113 if (!tz_ppc_check(s, n, attrs)) { 114 trace_tz_ppc_read_blocked(n, addr, attrs.secure, attrs.user); 115 if (s->cfg_sec_resp) { 116 return MEMTX_ERROR; 117 } else { 118 *pdata = 0; 119 return MEMTX_OK; 120 } 121 } 122 123 switch (size) { 124 case 1: 125 data = address_space_ldub(as, addr, attrs, &res); 126 break; 127 case 2: 128 data = address_space_lduw_le(as, addr, attrs, &res); 129 break; 130 case 4: 131 data = address_space_ldl_le(as, addr, attrs, &res); 132 break; 133 case 8: 134 data = address_space_ldq_le(as, addr, attrs, &res); 135 break; 136 default: 137 g_assert_not_reached(); 138 } 139 *pdata = data; 140 return res; 141 } 142 143 static MemTxResult tz_ppc_write(void *opaque, hwaddr addr, uint64_t val, 144 unsigned size, MemTxAttrs attrs) 145 { 146 TZPPCPort *p = opaque; 147 TZPPC *s = p->ppc; 148 AddressSpace *as = &p->downstream_as; 149 int n = p - s->port; 150 MemTxResult res; 151 152 if (!tz_ppc_check(s, n, attrs)) { 153 trace_tz_ppc_write_blocked(n, addr, attrs.secure, attrs.user); 154 if (s->cfg_sec_resp) { 155 return MEMTX_ERROR; 156 } else { 157 return MEMTX_OK; 158 } 159 } 160 161 switch (size) { 162 case 1: 163 address_space_stb(as, addr, val, attrs, &res); 164 break; 165 case 2: 166 address_space_stw_le(as, addr, val, attrs, &res); 167 break; 168 case 4: 169 address_space_stl_le(as, addr, val, attrs, &res); 170 break; 171 case 8: 172 address_space_stq_le(as, addr, val, attrs, &res); 173 break; 174 default: 175 g_assert_not_reached(); 176 } 177 return res; 178 } 179 180 static const MemoryRegionOps tz_ppc_ops = { 181 .read_with_attrs = tz_ppc_read, 182 .write_with_attrs = tz_ppc_write, 183 .endianness = DEVICE_LITTLE_ENDIAN, 184 }; 185 186 static bool tz_ppc_dummy_accepts(void *opaque, hwaddr addr, 187 unsigned size, bool is_write, 188 MemTxAttrs attrs) 189 { 190 /* 191 * Board code should never map the upstream end of an unused port, 192 * so we should never try to make a memory access to it. 193 */ 194 g_assert_not_reached(); 195 } 196 197 static const MemoryRegionOps tz_ppc_dummy_ops = { 198 .valid.accepts = tz_ppc_dummy_accepts, 199 }; 200 201 static void tz_ppc_reset(DeviceState *dev) 202 { 203 TZPPC *s = TZ_PPC(dev); 204 205 trace_tz_ppc_reset(); 206 s->cfg_sec_resp = false; 207 memset(s->cfg_nonsec, 0, sizeof(s->cfg_nonsec)); 208 memset(s->cfg_ap, 0, sizeof(s->cfg_ap)); 209 } 210 211 static void tz_ppc_init(Object *obj) 212 { 213 DeviceState *dev = DEVICE(obj); 214 TZPPC *s = TZ_PPC(obj); 215 216 qdev_init_gpio_in_named(dev, tz_ppc_cfg_nonsec, "cfg_nonsec", TZ_NUM_PORTS); 217 qdev_init_gpio_in_named(dev, tz_ppc_cfg_ap, "cfg_ap", TZ_NUM_PORTS); 218 qdev_init_gpio_in_named(dev, tz_ppc_cfg_sec_resp, "cfg_sec_resp", 1); 219 qdev_init_gpio_in_named(dev, tz_ppc_irq_enable, "irq_enable", 1); 220 qdev_init_gpio_in_named(dev, tz_ppc_irq_clear, "irq_clear", 1); 221 qdev_init_gpio_out_named(dev, &s->irq, "irq", 1); 222 } 223 224 static void tz_ppc_realize(DeviceState *dev, Error **errp) 225 { 226 Object *obj = OBJECT(dev); 227 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 228 TZPPC *s = TZ_PPC(dev); 229 int i; 230 int max_port = 0; 231 232 /* We can't create the upstream end of the port until realize, 233 * as we don't know the size of the MR used as the downstream until then. 234 */ 235 for (i = 0; i < TZ_NUM_PORTS; i++) { 236 if (s->port[i].downstream) { 237 max_port = i; 238 } 239 } 240 241 for (i = 0; i <= max_port; i++) { 242 TZPPCPort *port = &s->port[i]; 243 char *name; 244 uint64_t size; 245 246 if (!port->downstream) { 247 /* 248 * Create dummy sysbus MMIO region so the sysbus region 249 * numbering doesn't get out of sync with the port numbers. 250 * The size is entirely arbitrary. 251 */ 252 name = g_strdup_printf("tz-ppc-dummy-port[%d]", i); 253 memory_region_init_io(&port->upstream, obj, &tz_ppc_dummy_ops, 254 port, name, 0x10000); 255 sysbus_init_mmio(sbd, &port->upstream); 256 g_free(name); 257 continue; 258 } 259 260 name = g_strdup_printf("tz-ppc-port[%d]", i); 261 262 port->ppc = s; 263 address_space_init(&port->downstream_as, port->downstream, name); 264 265 size = memory_region_size(port->downstream); 266 memory_region_init_io(&port->upstream, obj, &tz_ppc_ops, 267 port, name, size); 268 sysbus_init_mmio(sbd, &port->upstream); 269 g_free(name); 270 } 271 } 272 273 static const VMStateDescription tz_ppc_vmstate = { 274 .name = "tz-ppc", 275 .version_id = 1, 276 .minimum_version_id = 1, 277 .fields = (VMStateField[]) { 278 VMSTATE_BOOL_ARRAY(cfg_nonsec, TZPPC, 16), 279 VMSTATE_BOOL_ARRAY(cfg_ap, TZPPC, 16), 280 VMSTATE_BOOL(cfg_sec_resp, TZPPC), 281 VMSTATE_BOOL(irq_enable, TZPPC), 282 VMSTATE_BOOL(irq_clear, TZPPC), 283 VMSTATE_BOOL(irq_status, TZPPC), 284 VMSTATE_END_OF_LIST() 285 } 286 }; 287 288 #define DEFINE_PORT(N) \ 289 DEFINE_PROP_LINK("port[" #N "]", TZPPC, port[N].downstream, \ 290 TYPE_MEMORY_REGION, MemoryRegion *) 291 292 static Property tz_ppc_properties[] = { 293 DEFINE_PROP_UINT32("NONSEC_MASK", TZPPC, nonsec_mask, 0), 294 DEFINE_PORT(0), 295 DEFINE_PORT(1), 296 DEFINE_PORT(2), 297 DEFINE_PORT(3), 298 DEFINE_PORT(4), 299 DEFINE_PORT(5), 300 DEFINE_PORT(6), 301 DEFINE_PORT(7), 302 DEFINE_PORT(8), 303 DEFINE_PORT(9), 304 DEFINE_PORT(10), 305 DEFINE_PORT(11), 306 DEFINE_PORT(12), 307 DEFINE_PORT(13), 308 DEFINE_PORT(14), 309 DEFINE_PORT(15), 310 DEFINE_PROP_END_OF_LIST(), 311 }; 312 313 static void tz_ppc_class_init(ObjectClass *klass, void *data) 314 { 315 DeviceClass *dc = DEVICE_CLASS(klass); 316 317 dc->realize = tz_ppc_realize; 318 dc->vmsd = &tz_ppc_vmstate; 319 dc->reset = tz_ppc_reset; 320 dc->props = tz_ppc_properties; 321 } 322 323 static const TypeInfo tz_ppc_info = { 324 .name = TYPE_TZ_PPC, 325 .parent = TYPE_SYS_BUS_DEVICE, 326 .instance_size = sizeof(TZPPC), 327 .instance_init = tz_ppc_init, 328 .class_init = tz_ppc_class_init, 329 }; 330 331 static void tz_ppc_register_types(void) 332 { 333 type_register_static(&tz_ppc_info); 334 } 335 336 type_init(tz_ppc_register_types); 337